Introduction

LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions.

Where can you configure the user settings?

In LUCY < 2.5 you can edit them under the “users” navigation tab:

In LUCY > 2.5 you will find the user settings under “Settings/Users”:

Is there a limitation on how many users can access LUCY?

No. You have the ability to create as many LUCY users that can access the web console as you want.

What are the different user roles?

User: this user role created by the admin user can be given individual rights for each LUCY feature. The user can later be added to a specific campaign.

Supervisor: Maintain the overview with access to the campaign specifications. Communicate directly with the campaign creator (user) to suggest changes and give approval to green light the campaign (in LUCY > 3.1). The supervisor is in the hierarchy above the user. Therefore it is not possible to supervise a system admin. The Supervisor is technically the same as the user account, but you may assign users to the supervisor account and approve/reject their campaigns. Within the settings you can select which users you want to supervise:

You have the ability to define a supervisor who is able to START/STOP the campaign which was created by a user. To do so add an user to a campaign with all permissions selected, add his supervisor to the same campaign with “Campaign start/stop” permission selected. As a result the supervisor will only be able to go into the campaign and approve or reject the start.

Administrators: The LUCY admin can save all settings within LUCY and run the campaign. This is the user that you need to perform your awareness campaigns. You cannot seggragate administrators in a way, that an admin A doesnt see the clients from an admin B. This can only be done in the LUCY SaaS edition.

View Only Users: The View Only User can only see certain statistics of the campaign. This user cannot start/stop a campaign. The user also has no rights in viewing or changing any of the campaign settings. First, you need to create a client name. The client name is always associated with a campaign. Then you can associate that user with the client. As a result the View Only User will only see all the campaigns which belong to that specific client.

Please make sure you also add the view only user to the specific campaign:

Can I enforce a password policy or strong authentication?

In LUCY < 3.1 there is no option for strong authentication or minimal password complexity. Therefore it is the responsibility of the administrative user to choose secure passwords:

Passwords should have at least eight characters.

Passwords can’t contain the user name or parts of the user’s full name, such as his first name.

Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.